package com.example.securitydemos.config;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/**
 *
 * 前后端分离时处理json响应信息
 */
//@EnableWebSecurity
public class SecurityConfig_前后端分离 extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .permitAll()
                //认证成功时的处理器
                .successHandler(new SecurityAuthenticationSuccessHandler())
                //认证失败时的处理器
                .failureHandler(new SecurityAuthenticationFailureHandler())
                .and()
                .logout()
                //退出登录时的处理器
                .logoutSuccessHandler(new SecurityLogoutSuccessHandler())
                .and()
                .csrf()
                .disable()
                //当未认证时访问某些资源,则由该认证入口类来处理.
                .exceptionHandling()
                //未登录时的处理器(加了这个之后就不能访问http://localhost:8080/login,没登陆也不会跳转到这里)
                /*.authenticationEntryPoint(new SecurityAuthenticationEntryPoint())*/;
    }

}